2023 CrowdStrike Global Threat Report highlights - CHAT GPT Generated Summary

Today I saw the CrowdStrike report and asked ChatGPT to write the blog

so I typed in write a blog about https://go.crowdstrike.com/rs/281-OBQ-266/images/CrowdStrike2023GlobalThreatReport.pdf

The image above is what I got asking DALL-E for an image of an android blogger.

Chat GPT didn’t do too bad either!! - read below

The cybersecurity landscape is in a constant state of flux and it can be difficult to keep up with the latest threats and trends.

The annual CrowdStrike Global Threat Report is out and it provides a comprehensive overview of the current state of cybersecurity, including the latest threats and attack techniques.

This year's report highlights the growing impact of cybercrime, as well as the increasing sophistication and collaboration of malicious actors. It also provides insights into how organizations should respond to these threats – including how they can use artificial intelligence (AI) and machine learning to enhance their security posture.

The 2023 CrowdStrike Global Threat Report highlights the growing sophistication of cyberattacks, particularly those carried out by state-sponsored actors from countries like China, Russia, and Iran. These attackers use a variety of techniques that change frequently, making them difficult to detect using traditional security tools like firewalls. As a result, organizations need to take a proactive approach to cybersecurity and invest in the latest technologies and best practices to protect against these threats.

One of the most concerning trends highlighted in the report is the rise of ransomware attacks. These attacks are simple for hackers to carry out – they typically involve sending an email with an attachment containing malware that encrypts your files until you pay a ransom – and they are increasingly profitable. In fact, the report notes that ransomware attacks resulted in over $5 billion in payments in 2022 alone.

Another major threat highlighted in the report is attacks on critical infrastructure, which are on the rise. These attacks can have serious consequences, such as disrupting essential services like power grids and water supplies. As the report notes, cybersecurity is a shared responsibility – not just for enterprises, but also for suppliers and partners who may be affected by cyber incidents.

AI and machine learning are playing an increasingly important role in both cyberattacks and defense strategies. Attackers are using AI and machine learning to make their attacks more sophisticated and harder to detect, while defenders are using these technologies to stay ahead of their adversaries. The report emphasizes the need for organizations to invest in these technologies to protect against evolving threats.

The report also provides practical guidance for organizations looking to improve their cybersecurity posture. This includes implementing multi-factor authentication (MFA) across all systems, using machine learning algorithms to detect suspicious activity on networks, and conducting regular audits of systems, applications, databases, and servers.

In conclusion, the 2023 CrowdStrike Global Threat Report provides valuable insights into the current state of cybersecurity. It highlights the growing sophistication of cyberattacks, the rise of ransomware attacks, and the importance of AI and machine learning in both attacks and defense strategies. To protect against these evolving threats, organizations need to take a proactive approach to cybersecurity and invest in the latest technologies and best practices.

Old worms on new hooks! Here Phishy Phishy! XSS is Hook Line and sinker!!

The boring stuff first — WTF is XSS? —

if you already know this

Scroll down to “Weaponization of HTML attachments with XSS Techniques.”

Otherwise - this is the way! (mando!)

What is cross-site scripting (XSS)?

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.

Copied verbatim from — https://portswigger.net/web-security/cross-site-scripting — as their wheel was working fine, no need to fine tune!

How does XSS work?

Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.

Copied verbatim from — https://portswigger.net/web-security/cross-site-scripting — yep.. that's how I would have said it too.

Weaponization of HTML attachments with XSS Techniques - Phishing da fools who open email attachments ending in HTML!

Recently I have witnessed XSS (Cross-site Scripting) successfully used in a phishing attack. Rather than scanning for vulnerabilities in web pages, threat actors are now just sending you the web page as an attachment, loaded with browser-friendly embedded XSS scripts to undress your local defenses. Any of the techniques found in the XSS cheat sheet can be used to launch these attacks.

XSS is a great way to get past your local defenses. By sending you the web page as a file and notifying you of an incoming file attachment, threat actors have effectively used XSS without having to worry about bypassing local browser protections (CSRF).

So don’t threaten me with a good investigation!

As a Forensic Investigator, I am always watching out for new phishing attacks, but the last one that crossed my way was pretty cool.

So I wanted to talk about it.

It came in the form of an email with an HTML attachment that looked like a legitimate notification and instantly got the user fooled.

Here is the example of what I have seen in the past using this little technique.

The threat actor does something normal-looking, like inlining a graphic, for example a purple square:

<img src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnPjxyZWN0IHdpZHRoPSc1MCcgaGVpZ2h0PSc1MCcgc3R5bGU9J2ZpbGw6ICNiMGI7JyAvPjwvc3ZnPg==">

Which literally converts to … (the decoded SVG is nothing but a 50 by 50 rect filled with #b0b, a purple square)

harmless right??

NOT HARMLESS - this also means our unisex threat monster can embed

Base64 encoded — <script></script> —

in a separate base64 layer, as no AV is going to double-decode, so…. let's all hold hands and say BYPASS… together now.


blah blah blah… no no I mean BLOB BLOB BLOB

Binary Large Object TIME!

Base64 something fun like this ..
<script>//<![CDATA[
    …code…MAKE ME A BLOB ...code...
//]]>
</script>
and you're pooched..

XSS is such an old vulnerability that people don't really care about it anymore, as most browsers defend against code injection techniques. However, if the code is already embedded in the attachment, then the "hidden XSS code" can use a series of Unicode characters to hide malicious code in an image vector that is generated client-side.
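As an added example (my own code, not from the post), here is a small Python scanner for HTML attachments that does the double decode the post says AV skips: it pulls out data: URIs and bare base64 runs, decodes them, and recurses, so a <script> tag sitting inside a base64 layer inside another base64 layer is still flagged. The purple-square data URI is the one from the post; the nested sample attachment and the marker patterns are constructed here for the demo.

```python
import base64
import binascii
import re

# Purple-square data URI from the post (decodes to a 50x50 SVG rect).
PURPLE_SQUARE = "data:image/svg+xml;base64,PHN2ZyB4bWxucz0naHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmcnPjxyZWN0IHdpZHRoPSc1MCcgaGVpZ2h0PSc1MCcgc3R5bGU9J2ZpbGw6ICNiMGI7JyAvPjwvc3ZnPg=="

def _b64(text):
    """Base64-encode a str; only used to build the constructed sample below."""
    return base64.b64encode(text.encode()).decode()

# Constructed sample: a <script> tag buried two base64 layers deep, the
# "double decode" the post says a single-pass scanner never reaches.
_INNER_SVG = "<svg xmlns='http://www.w3.org/2000/svg'><script>/* constructed marker */</script></svg>"
_MIDDLE_SVG = ("<svg xmlns='http://www.w3.org/2000/svg'>"
               f"<image href='data:image/svg+xml;base64,{_b64(_INNER_SVG)}'/></svg>")
BENIGN_HTML = f'<html><body><img src="{PURPLE_SQUARE}"></body></html>'
NESTED_HTML = (f'<html><body><img src="{PURPLE_SQUARE}">'
               f'<img src="data:image/svg+xml;base64,{_b64(_MIDDLE_SVG)}"></body></html>')

DATA_URI_RE = re.compile(r"data:([\w/+.-]+);base64,([A-Za-z0-9+/=]+)")
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Markers of script execution or blob building to look for at every layer.
SUSPICIOUS = [
    ("script-tag", re.compile(r"<script\b", re.I)),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript-uri", re.compile(r"javascript:", re.I)),
    ("blob-builder", re.compile(r"\b(?:Blob|createObjectURL|atob)\s*\(", re.I)),
]

def _try_decode(blob):
    """Decode one base64 blob to text, or return None if it is not valid base64."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
    except (ValueError, binascii.Error):
        return None
    text = raw.decode("utf-8", errors="ignore")
    return text if text.strip() else None

def decode_candidates(text):
    """Return every decodable base64 payload in text: data: URIs, then bare runs."""
    seen, out = set(), []
    for m in DATA_URI_RE.finditer(text):
        seen.add(m.group(2))
        decoded = _try_decode(m.group(2))
        if decoded:
            out.append(decoded)
    for m in B64_RUN_RE.finditer(text):
        decoded = None if m.group(0) in seen else _try_decode(m.group(0))
        if decoded:
            out.append(decoded)
    return out

def scan_html(text, max_depth=4, depth=0):
    """Return [(depth, marker)] for suspicious content found at any base64 depth."""
    findings = [(depth, name) for name, pat in SUSPICIOUS if pat.search(text)]
    if depth < max_depth:
        for decoded in decode_candidates(text):
            findings.extend(scan_html(decoded, max_depth, depth + 1))
    return findings
```

scan_html(NESTED_HTML) returns [(2, 'script-tag')], while scan_html(NESTED_HTML, max_depth=1) returns [], which is exactly the single-pass miss the post describes.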

SO check your payloads at the door … or just check 'em out here ..

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/README.md

Whew … that was fun.

REAL LIFE SUMMED UP IN 12 POST-IT NOTE GRAPHS

I posted this originally in 2015 but thought I would re-share!

Artist Chaz Hutton is a genius. He’s created a series of hilarious graphs and a successful Instagram account all with just a pen and some post-it notes. Have a first world problem? He’s probably tackled it in one of his graphs. Here’s just a sampling of what he’s done so far.

Polymorphic Code and ChatGPT (read label before use!)

In this article, we will take a detailed look at the use of language models in AI-based threat detection. We'll examine how these models can be used to detect polymorphing code and malicious prompts that bypass EDR filters. We’ll also talk about why these techniques are so effective, and what may happen if they aren't used correctly.

Polymorphic Code

Polymorphic code is a type of malware that changes its behavior to avoid detection. Polymorphic code can be detected through machine learning, which is used to identify patterns in text. The use of language models allows for this detection because they are able to identify patterns in text by looking at the length of words and phrases, as well as their frequency within the corpus (collection) being analyzed.

Image Courtesy of DALL-E

The Importance of Language Models in AI Detection

Language is a powerful tool. It's how we interact with each other and the world around us. It can be used to express our thoughts and emotions, or simply to get a point across.

Language models are an essential part of artificial intelligence (AI) detection systems because they help computers understand how humans communicate with one another--and what those interactions mean.

When you're trying to detect malware or other malicious behavior on your computer or network, it's important that your security software understands human language as well as possible so it doesn't flag false positives or miss threats altogether!

Malicious Prompts that Bypass EDR Filters

Polymorphic code is a type of malicious software that is capable of changing its appearance. This makes it difficult for traditional antivirus products to detect and block.

The OpenAI API client, an otherwise harmless API, was recently used in a polymorphic code simulation to bypass EDR filters. The simulation involved using the OpenAI API client as part of a malicious prompt which would then execute Python code (a second layer) without needing any user interaction other than clicking on "OK". Jeff Sims, Principal Security Engineer at HYAS InfoSec (@1337_Revolution), whose kick-ass research is featured on Dark Reading, says: “I created a simple proof of concept (PoC) exploiting a large language model to synthesize polymorphic keylogger functionality on-the-fly, dynamically modifying the benign code at runtime — all without any command-and-control infrastructure to deliver or verify the malicious keylogger functionality”

https://www.darkreading.com/endpoint/ai-blackmamba-keylogging-edr-security

And you can find his whitepaper here!


Language models will be one of the most powerful tools for detecting advanced persistent threats.

Language models are a type of NLP (natural language processing). They can be used to detect malicious prompts by comparing them with known good prompts. They are also used in ChatGPT, as well as other systems such as DeepHack and A2I2.

Conclusion

The use of language models in AI detection is a powerful tool for detecting advanced persistent threats. Polymorphic code has been around since the dawn of computing, but now it's being used in new and innovative ways that make it even harder to detect. Language models can help us identify these threats before they cause damage by detecting malicious prompts that bypass EDR filters or other security measures.

Phishing kits as a service (Attacks For SALE!)

Microsoft researchers have discovered a large operation that is using phishing kits to send millions of emails daily with malicious attachments. The company believes that this campaign is responsible for the recent uptick in phishing attacks against companies and organizations worldwide. This type of attack involves sending emails with malicious links or attachments designed to trick people into giving up sensitive information like passwords and credit card numbers. These kits have now evolved into a monthly subscription service, priced from $300 - $1000 / month.

Phishing kits are used to obtain credentials and install spyware.

Phishing kits are used to send millions of emails daily, according to a recent Microsoft report. The emails contain malicious attachments that can infect the recipient's computer and install spyware or ransomware.

Phishing kits allow cybercriminals to easily create customized phishing campaigns with little technical knowledge required. They're available for sale on underground forums and marketplaces, where they sell for as little as $100 per kit or individual component (such as templates).

The emails use Microsoft Exchange as an attack vector.

  • The emails are being sent to a large number of recipients.

  • The emails are being sent in large volumes.

  • The attackers have a high degree of success with their phishing campaigns, which is why Microsoft is warning users about them now.

The malware can steal email credentials and session cookies, install spyware and distribute ransomware.

Phishing kits are pre-packaged software tools that cybercriminals use to create phishing emails. These kits allow attackers to easily send millions of emails, targeting thousands of recipients at once. The malware can steal email credentials and session cookies, install spyware and distribute ransomware.

Microsoft warns that this type of malicious activity is on the rise due to its ease of use: "The only thing a bad guy needs is access to an email account (or several) with credentials; then he can create thousands more accounts just like those," says Microsoft Security Response Center researcher Matt Nelson in his blog post about phishing kits.

The company is working with law enforcement to identify the source of these attacks.

Microsoft is working with law enforcement to identify the source of these attacks. The company is also working with other companies to help protect customers, and it's reaching out to security researchers who can help identify new variants of these phishing kits.

Microsoft says it will continue to update its antispam filters and other security tools as it learns more about this large-scale campaign.

Other phishing attacks may be using these kits as well, researchers warn

Phishing kits are used by hackers to easily create and send thousands of emails that look like they're from a legitimate company. The kits allow the attacker to change the subject line, body text, logo and other elements of an email without needing to write code or know how to use HTML.

Typically, these phishing attacks will appear as an email from a bank or another financial institution asking you to click on an attachment or link within the message. Once you click on it, you're directed to what looks like an official login page for your bank where you enter your username and password--but it's actually stealing those credentials for hackers' use later on (or worse).

Microsoft says that although most security companies have been able to identify these malicious emails before they reach users' inboxes--thanks in part because they contain certain keywords like "password reset" or "account verification"--the sheer number being sent means some people will still fall victim if they don't know what signs indicate whether something is fishy.

Conclusion

Microsoft has issued a warning about the use of phishing kits that could send millions of emails each day. The company says it has identified at least two such kits that are being used to target users with malicious attachments and URLs. These attacks use Microsoft Exchange as an attack vector, which means they can bypass most email filters because they look legitimate. However, Microsoft says its own security systems have been able to detect these emails since last year and block them before they reach users' inboxes.

CHROME WHITE SCREEN OSX SOLVED

chrome on a mac OSX white screen and Aw snap errors

Chrome just won't respond, help!!!

If you have been experiencing this really annoying problem, where Chrome on a MacBook or any Mac OS X keeps going to blank white pages on every website (YouTube, Google, etc.), you may want to follow these repair steps.

  1. Restart. Ha ha, I know this is obvious, but it can work sometimes.

  2. Download and reinstall Chrome. If this doesn't work, then

  3. try Chrome under a different user profile and see if this is a profile error.

  4. Even if it is a profile error, you can go to http://google-chrome.en.uptodown.com/mac/old and download an older version. Once it is installed and works, you may be able to update it back to the new one afterwards, but see if this helps.

RASA - The Best Food I have had at Restaurant Period!

I live in Toronto and eat out all the time. My girlfriend and I enjoy eating at different restaurants in the city once or twice a month. And after years of eating and trying new places, this place just rocketed to the top of my list! FOODIES LISTEN UP THIS IS GOOD STUFF.

Girlfriend wanted to take me here for my birthday, and it's Game 6, at halftime the Raptors are down, and she has reservations for 9:30pm. FAK! Please don't take me to a pretentious, overpriced and tasteless place that we leave hungry from, please! Oh well, no big deal, I can put the game on my phone!

The Staff are really happy and in a great mood.

We had the chef's menu. Modestly priced at $60 each, and then the magic began. We also had a couple of pinot noirs that complemented the meal perfectly.

An amuse-bouche came out and startled my palate. I have no idea what was on that cracker, but it was delicious.

Then it started with THE CHOPPED SALAD,
vegetables, quinoa, jalapeno feta, harissa chickpeas
These flavors harmonized in your mouth. And it wasn't too much of anything and the perfect amount of everything. Wow, that was a tasty start. Ok, this isn't going to be so bad.

I believe they brought out something baked and made of ricotta cheese that was so delicious that the score of the game wasn't bothering me at all.

After that came out
PASTRAMI,
steelhead trout, crème fraiche, sauerkraut, mustard seed, caraway

The mustard seed was pickled and brought excitement to the trout. This was a hit.

At this point I turned my phone off and just focused on how tasty everything was so far. So far this place has knocked the first two out of the park, what's next....

SECRETO PORK,
gulf shrimp, XO sauce, black garlic, shitakes, ramps, puffed farro

ARE YOU KIDDING ME? Another home run? How is this happening? This tasted better than the last thing they sent out. And it's not pretentious portions, it's just the right amount of food as there is still more to come. Wow, at this point I'm just excited to see what is next. So just after that dish made me happy like Kevin Pillar climbing a wall to make a catch came the
TRUFFLE GNUDI,
mushrooms, portobello soil, pickled shimeji, walnut pesto

I start thinking these guys sold souls to get this good. How? How? How could they put this food in this order so that you will always be tasting these flavors in layers. Everything, and I mean Everything, is so damn good wtf.

After which the chef sends out this crispy cheese-covered goodness
BRUSSELS SPROUTS,
scotch bonnet vinegar, cauliflower cheese, fried onion

And then lamb done the way it should be
SPIDUCCI, lamb tenderloin, halloumi, labneh, pomegranate, pine nut gremolata
This fusion was like a mix of Italy and Lebanon and Iran in every bite, just marvelous. My girlfriend and I are just in awe, truly unexpected greatness. And the knockout punch came

BANGKOK BOWL,
yellowfin tuna, calamari, mango jicama slaw, smoked peanuts

And then they finished it off with a beautiful and very tasty dessert

CEREAL,
cornflake ice cream, malt chocolate, clusters, malt pudding

JEEBUZZ Who? how? what? why? when? as in 

WHO ARE THESE AMAZING PEOPLE? 
HOW IS IT WE DID NOT COME HERE BEFORE?
WHAT JUST HAPPENED? DID WE JUST EAT HERE?
WHY WERE WE LATE TO THE RASA EXISTENCE?
WHEN ARE WE COMING BACK? 

I am now looking forward to finding any reason to eat here!
I now know why the staff is so happy.. NO ONE IS LEAVING DISAPPOINTED, which would mean no complaints about the food or the price, and great tips. Hats off to you people at Rasa, this place is going to be around for a very long time! Thank you for that experience!

 

If any of you want to know where it is, here it is. The website is www.rasabar.ca

 

RESEARCHERS AIM TO STORE ALL OF HUMAN KNOWLEDGE FOR ETERNITY VIA DNA

That hard drive you use to store all your important documents won’t last forever. Neither will the servers holding those family photos you uploaded to the cloud. If properly stored, paper documents can last for centuries, but they can also be easily destroyed by mold or fire.

But scientists in Switzerland think they’ve come up with a method that could theoretically store “all of civilization’s knowledge… within a few cubic meters” for an almost unlimited amount of time.

Researchers Robert Grass and Reinhard Heckel of ETH Zurich are aiming to translate information into DNA and store the code in small glass capsules, essentially fossilizing human knowledge for future generations. Here’s Dr. Grass explaining the process: